What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs.webp 2019-10-01 11:16:35 Danish company Demant expects to incur losses of up to $95 after cyber attack (lien direct) Demant, a leading international hearing health care company, expects to incur losses of up to $95 million following a ransomware attack. Last month, Demant suffered a cyber attack that caused important problems to its operations, the company has yet to recover after the attack, a circumstance that suggests it was hit by a ransomware attack. […] Ransomware Guideline
SecurityAffairs.webp 2019-10-01 08:16:41 Frequent VBA Macros used in Office Malware (lien direct) The malware expert Marco Ramilli collected a small set of VBA Macros widely re-used to “weaponize” Maldoc (Malware Document) in cyber attacks. Nowadays one of the most frequent cybersecurity threats comes from Malicious (office) documents shipped over eMail or Instant Messaging. Some analyzed threats examples include: Step By Step Office Dropper Dissection, Spreading CVS Malware over Google, Microsoft […] Malware Threat
SecurityAffairs.webp 2019-10-01 07:55:31 Gucci IOT Bot Discovered Targeting European Region (lien direct) Security Labs discovered a new IOT bot named “GUCCI”. It seems like the IOT botnet is named after an Italian luxury brand of fashion and leather goods. Analysis The discovery came to exist during our reconnaissance and intelligence collection process. The IOT threat detection engine picked the infection IP, as shown below, hosting a number of bins […] Threat
SecurityAffairs.webp 2019-10-01 07:03:37 (Déjà vu) Tridium Niagara framework affected by 2 flaws in BlackBerry QNX OS (lien direct) Tridium's Niagara product is affected by two vulnerabilities in BlackBerry's QNX operating system for embedded devices. The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) is warning of two vulnerabilities in Tridium’s Niagara product that reside in the BlackBerry's QNX operating system for embedded devices. The flaws could be exploited by a […]
SecurityAffairs.webp 2019-09-30 20:46:10 eGobbler's malvertising campaign hijacked over 1 billion ad impressions (lien direct) A recently observed malvertising campaign carried out by a threat group dubbed eGobbler hijacked roughly 1.16 billion ad impressions. Researchers at Confiant observed that a malvertising campaign carried out by a threat actor dubbed eGobbler hijacked roughly 1.16 billion ad impressions to redirect victims to websites hosting malicious payloads. The campaign was observed between August 1 […] Threat
SecurityAffairs.webp 2019-09-30 14:39:53 (Déjà vu) A new critical flaw in Exim exposes email servers to remote attacks (lien direct) Exim maintainers released an urgent security update to address a critical security flaw that could allow a remote attacker to potentially execute malicious code on targeted servers. Exim maintainers released an urgent security update, Exim version 4.92.3, to address a critical security vulnerability that could allow a remote attacker to crash or potentially execute malicious code on […] Vulnerability
SecurityAffairs.webp 2019-09-30 12:18:20 Exclusive: MalwareMustDie analyzes a new IoT malware dubbed Linux/AirDropBot (lien direct) After 2 years of waiting, MalwareMustDie returns with an excellent page of malware analysis of a new IoT malware: Linux/AirDropBot. Yes, I have to confess, it was hard to wait all this time, but the reward was worth it: unixfreaxjp has returned, with a new, great page of reverse engineering published on the MalwareMustDie […] Malware
SecurityAffairs.webp 2019-09-30 10:10:59 Iran's oil minister orders 'Full Alert' for oil sector on against attacks (lien direct) Iran's oil minister on Sunday ordered representatives of the energy sector to be on ‘full alert’ to the threat of “physical and cyber” attacks. Iran’s oil minister, Bijan Namdar Zanganeh, ordered companies operating in the energy sector to be on ‘full alert’ to the threat of “physical and cyber” attacks. “it is necessary for […] Threat
SecurityAffairs.webp 2019-09-30 08:19:53 Arcane Stealer V, a threat for lower-skilled adversaries that scares experts (lien direct) Experts recently analyzed an information-stealing malware tracked as Arcane Stealer V that is very cheap and easy to buy in the Dark Web. In July 2019, researchers at Fidelis Threat Research Team (TRT) analyzed a sample of Arcane Stealer V, a .net information-stealing malware that is easy to acquire in the dark web. The author […] Malware Threat
SecurityAffairs.webp 2019-09-30 07:58:11 Microsoft will add new file types to the list of blocked ones in Outlook on the Web (lien direct) Microsoft announced last week it is going to expand the list of file extensions that are blocked in Outlook on the web. Microsoft announced that it will immediately block other file extensions for its Outlook web users; it will be impossible for them to download this type of attachment. Microsoft pointed out that the newly blocked […]
SecurityAffairs.webp 2019-09-29 20:23:58 Phishers continue to abuse Adobe and Google Open Redirects (lien direct) Adobe and Google Open Redirects Abused by Phishing Campaigns Experts reported that phishing campaigns are leveraging Google and Adobe open redirects to bypass spam filters and redirect users to malicious sites. Phishers are abusing Google and Adobe open redirects to bypass spam filters and redirect users to malicious sites. Crooks abuse Google and Adobe services […] Spam
SecurityAffairs.webp 2019-09-29 13:14:39 (Déjà vu) Security Affairs newsletter Round 233 (lien direct) A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Hi folk, let me inform you that I suspended the newsletter service, anyway I’ll continue to provide you a list of published posts every week through the blog. Once again thank you! 0patch will provide micropatches for Windows […]
SecurityAffairs.webp 2019-09-29 12:48:05 Hacker claims to have stolen over 218M Zynga 'Words with Friends' Gamers records (lien direct) Hackers have stolen more than 218 million records from the popular ‘Words With Friends’ developed by the mobile social game company Zynga Inc. Do you remember Gnosticplayers? The popular hacker Gnosticplayers that between February and April disclosed the existence of some massive unreported data breaches in five rounds. He offered for sale almost a billion user records stolen from nearly 45 […]
SecurityAffairs.webp 2019-09-29 08:57:36 WhiteShadow downloader leverages Microsoft SQL to retrieve multiple malware (lien direct) Researchers at Proofpoint have spotted a piece of downloader, dubbed WhiteShadow, that leverages Microsoft SQL queries to pull and deliver malicious payloads.  In August, malware researchers at Proofpoint spotted a new downloader which is being used to deliver a variety of malware via Microsoft SQL queries. The experts detected new Microsoft Office macros, which collectively […] Malware
SecurityAffairs.webp 2019-09-29 07:55:03 Masad Stealer Malware exfiltrates data via Telegram (lien direct) Experts at Juniper Threat Labs have discovered a new piece of malware dubbed Masad Stealer that exfiltrates cryptocurrency wallet files via Telegram. Security researchers at the Juniper Threat Labs discovered a strain of malware dubbed Masad Stealer that is actively distributed. The malware could steal files, browser information, and cryptocurrency wallet data and send them […] Malware Threat
SecurityAffairs.webp 2019-09-28 19:39:13 Nodersok malware delivery campaign relies on advanced techniques (lien direct) Microsoft researchers observed a campaign delivering malware, dubbed Nodersok, relying on advanced techniques and elusive network infrastructure. Microsoft experts observed a malware campaign, tracked as Nodersok, relying on advanced techniques and elusive network infrastructure. Microsoft uncovered the campaign in mid-July when it noticed patterns in the anomalous usage of MSHTA.exe. Nodersok abuse of legitimate tools also […] Malware
SecurityAffairs.webp 2019-09-28 15:15:14 German police arrest suspects in raid network hosting Darknet marketplaces (lien direct) German police have shut down a network hosting Darknet marketplaces focused on the trading of drugs, stolen data and child pornography. German police announced to have shut down a network hosting Darknet black marketplaces trading drugs, stolen data, and child pornography. The black marketplaces were also offering stolen data and fake documents, and other illegal […]
SecurityAffairs.webp 2019-09-28 12:22:28 Malware-based attacks disrupted operations of Rheinmetall AG and Defence Construction Canada (lien direct) A series of cyber attacks hit the defense contractors Rheinmetall AG and Defence Construction Canada (DCC) causing the disruption of their information technology systems. This month a series of cyber attacks hit defense contractors Rheinmetall AG and Defence Construction Canada (DCC) disrupting their information technology systems. German Rheinmetall AG is a market leader in the supply of military technology, in […] Guideline
SecurityAffairs.webp 2019-09-28 08:18:16 After SIMJacker, WIBattack hacking technique disclosed. Billions of users at risk (lien direct) Researchers are warning of a new variant of recently disclosed SimJacker attack, dubbed WIBattack, that could expose millions of mobile phones to remote hacking. WIBattack is a new variant of the recently discovered Simjacker attack method that could expose millions of mobile phones to remote hacking. A couple of weeks ago, cybersecurity researchers at AdaptiveMobile Security disclosed a […]
SecurityAffairs.webp 2019-09-27 14:30:28 (Déjà vu) Checkm8: unpatchable iOS exploit could lead to permanent jailbreak for iOS devices running A5 to A11 chips (lien direct) A security expert has released a new jailbreak, dubbed Checkm8, that impacts all iOS devices running on A5 to A11 chipsets, it works on iPhone models from 4S to 8 and X. The security expert Axi0mX has released a new jailbreak, dubbed Checkm8, that works on all iOS devices running on A5 to A11 chipsets. The jailbreak works with all Apple products released […]
SecurityAffairs.webp 2019-09-27 12:37:31 Magecart 5 hacker group targets L7 Routers (lien direct) IBM researchers observed one of the Magecart groups using a malicious code to inject into commercial-grade layer 7 L7 routers. IBM X-Force Incident Response and Intelligence Services (IRIS) experts observed that one of the Magecart groups, tracked as MG5, is using malware to inject into commercial-grade L7 routers. The experts believe the hackers are likely […] Malware
SecurityAffairs.webp 2019-09-27 09:33:26 Emsisoft released a new free decryption tool for the Avest ransomware (lien direct) Emsisoft security firm has released a new free decryption tool for the Avest ransomware, a few days after the release of WannaCryFake decryptor. Emsisoft security firm has released a new free decryption tool for the Avest ransomware, a few days ago the researchers also released a free decryptor for the WannaCryFake ransomware. The Avest ransomware […] Ransomware Tool Wannacry
SecurityAffairs.webp 2019-09-27 07:40:12 DoorDash Data Breach exposes data of approximately 5 million users (lien direct) DoorDash is a San Francisco–based on-demand food delivery service, the company confirmed it has suffered a data breach that exposed roughly 5 million users. DoorDash announced a data breach that exposed the personal information of 4.9 million consumers, Dashers, and merchants. According to the data breach notification sent to the impacted customers and the security note published […] Data Breach
SecurityAffairs.webp 2019-09-26 20:00:37 Botnet exploits recent vBulletin flaw to protect its bots (lien direct) Security expert Troy Mursch of Bad Packets reported that a botnet is exploiting the recently disclosed vBulletin exploit to block other attackers from also using it. The security expert Troy Mursch observed a botnet that is utilizing the recently disclosed vBulletin exploit to secure vulnerable servers so that they cannot be compromised by other threat actors. […] Threat
SecurityAffairs.webp 2019-09-26 14:24:27 iOS 13 Bug Gives Third-Party Keyboards “Full Access” Permissions (lien direct) This week, Apple released iOS 13 and iPadOS, now a few days later, the company is warning users of an unpatched security flaw in third-party keyboard apps. Apple has released a security advisory to warn users of an unpatched security bug in iOS 13 that affects third-party keyboard apps. The bug can result in granting […]
SecurityAffairs.webp 2019-09-26 12:43:15 Airbus suppliers were hit by four major attack in the last 12 months (lien direct) Airbus Hit by Series of Cyber Attacks on Suppliers: Security Sources The European multinational aerospace corporation Airbus has been hit by a series of attacks, hackers targeted its suppliers to steal Intellectual property. The European aerospace giant Airbus has been hit by a series of supply chain attacks, threat actors hit its suppliers in the […] Threat
SecurityAffairs.webp 2019-09-26 11:39:13 Study shows connections between 2000 malware samples used by Russian APT groups (lien direct) A joint research from Intezer and Check Point Research shows connections between nearly 2,000 malware samples developed by Russian APT groups. A joint research from Intezer and Check Point Research shed light on Russian hacking ecosystem and reveals connections between nearly 2,000 malware samples developed by Russian APT groups. The report is extremely interesting because gives to the analysts […] Malware
SecurityAffairs.webp 2019-09-26 07:27:19 USBsamurai for Dummies: How To Make a Malicious USB Implant & Bypass Air-Gapped Environments for 10$. The Dumb-Proof Guide. (lien direct) The popular researcher Luca Bongiorni described how to make a malicious USB Implant (USBsamurai) that allows bypassing Air-Gapped environments with 10$. In the previous post, I have talked a bit about USBsamurai based on C-U0007. With this article I wanna bring more light regarding: Which are the differences between C-U0007 & C-U0012 How to Build USBsamurai […]
SecurityAffairs.webp 2019-09-26 07:01:34 Emsisoft releases a free decryptor for the WannaCryFake ransomware (lien direct) Researchers at Emsisoft security firm have released a new free decryption tool for the WannaCryFake ransomware. Good news for the victims of the WannaCryFake ransomware, researchers at Emsisoft have released a FREE decryption tool that will allow decrypting their data. WannaCryFake is a piece of ransomware that uses AES-256 to encrypt a victim's files. The […] Ransomware Tool Wannacry
SecurityAffairs.webp 2019-09-25 21:28:26 Czech Intelligence's report attributes major cyber attack to China (lien direct) The Czech Intelligence agency blames China for a major cyber attack that hit a key government institution in the Czech Republic in 2018. According to a report published by the NUKIB Czech Intelligence agency, China carried out a major cyber attack on a key government institution in the Czech Republic last year. The report issued […]
SecurityAffairs.webp 2019-09-25 13:22:34 Heyyo dating app left its users' data exposed online (lien direct) Another day, another embarrassing data leak made the headlines, the online dating app Heyyo left a server exposed on the internet. The online dating app Heyyo left a server exposed on the internet without protection, data were stored on an Elasticsearch instance. The exposed data included personal details, images, location data, phone numbers, and dating […]
SecurityAffairs.webp 2019-09-25 06:53:15 US Utilities Targeted with LookBack RAT in a new phishing campaign (lien direct) Security experts at Proofpoint observed a new wave of phishing attacks aimed at US Utilities in an attempt to deliver the LookBack RAT. Security experts at Proofpoint have discovered a new series of phishing attacks targeting entities US utilities in an attempt to deliver the LookBack RAT. In early August, the expert reported that between […]
SecurityAffairs.webp 2019-09-25 05:53:45 Adobe Patches two critical vulnerabilities in ColdFusion (lien direct) Adobe released security updates to address three severe vulnerabilities in its ColdFusion web application development platform Adobe released ColdFusion 2016 Update 12 and ColdFusion 2018 Update 5 to address three severe vulnerabilities in its ColdFusion web application development platform, two of them have been rated as “critical.” “Adobe has released security updates for ColdFusion versions […]
SecurityAffairs.webp 2019-09-24 21:35:14 Hacker discloses details and PoC exploit code for unpatched 0Day in vBulletin (lien direct) An anonymous hacker disclosed technical details and proof-of-concept exploit code for a critical zero-day remote code execution flaw in vBulletin. vBulletin is one of the most popular forum software, for this reason, the disclosure of a zero-day flaw affecting it could impact a wide audience. More than 100,000 websites online run on top of vBulletin. […]
SecurityAffairs.webp 2019-09-24 20:01:51 A new Fancy Bear backdoor used to target political targets (lien direct) Security experts at ESET have uncovered a new campaign carried out by Russia-linked Fancy Bear APT group aimed at political targets. Security researchers at ESET have uncovered a new campaign carried out by Russia-linked Fancy Bear APT group (i.e. APT28, Sednit, Sofacy, Zebrocy, and Strontium) aimed at political targets. In the recent attacks, the hackers […] APT 28
SecurityAffairs.webp 2019-09-24 14:26:29 APT or not APT? What's Behind the Aggah Campaign (lien direct) Researchers at Yoroi-Cybaze ZLab discovered an interesting drop chain associated with the well-known Aggah campaign. Introduction During our threat monitoring activities, we discovered an interesting drop chain related to the well-known Aggah campaign, the ambiguous infection chain observed by Unit42 which seemed to deliver payloads potentially associated with the Gorgon Group APT. After that, we discovered other malicious activities […] Threat
SecurityAffairs.webp 2019-09-24 12:46:22 Microsoft released an out-of-band patch to fix Zero-day flaw exploited in the wild (lien direct) Microsoft released an out-of-band patch to address a Zero-day memory corruption vulnerability in Internet Explorer that has been exploited in attacks in the wild. Microsoft has released an out-of-band patch for an Internet Explorer zero-day vulnerability that was exploited in attacks in the wild. The vulnerability tracked as CVE-2019-1367 is a memory corruption flaw that resides […] Vulnerability
SecurityAffairs.webp 2019-09-24 05:12:29 North Korea-linked malware ATMDtrack infected ATMs in India (lien direct) Kaspersky experts spotted a new piece of ATM malware, dubbed ATMDtrack, that was developed and used by North Korea-linked hackers. Kaspersky researchers discovered a new piece of ATM malware, tracked as ATMDtrack, that was developed and used by North Korea-linked hackers. Threat actors deployed the malware on ATM systems to steal payment card details of […] Malware Threat
SecurityAffairs.webp 2019-09-23 16:30:42 Campbell County Memorial Hospital in Wyoming hit by ransomware attack (lien direct) Campbell County Memorial Hospital in Gillette, Wyoming is facing service disruptions after a ransomware attack hit its computer systems on Friday. On Friday, the Campbell County Memorial Hospital in Gillette, Wyoming, suffered a ransomware attack that is still causing service disruptions. “Campbell County Health has been the victim of a ransomware attack. All CCH computer […] Ransomware
SecurityAffairs.webp 2019-09-23 08:04:23 Thinkful forces a password reset for all users after a data breach (lien direct) The online education platform for developers Thinkful suffered a security breach and is notifying the incident to its customers requiring them to reset their passwords. The online education platform for developers Thinkful has suffered a data breach, just a few days after it has announced it would be acquired by the education tech firm Chegg for […] Data Breach
SecurityAffairs.webp 2019-09-23 07:43:01 Privilege Escalation flaw found in Forcepoint VPN Client for Windows (lien direct) Security researcher Peleg Hadar of SafeBreach Labs discovered a privilege escalation flaw that impacts all versions of Forcepoint VPN Client for Windows except the latest release. Security expert Peleg Hadar of SafeBreach Labs discovered a privilege escalation vulnerability, tracked as CVE-2019-6145, that affects all versions of VPN Client for Windows except the latest release. The […]
SecurityAffairs.webp 2019-09-23 05:54:38 TortoiseShell Group targets IT Providers in supply chain attacks (lien direct) Symantec spotted a new threat actor, tracked as TortoiseShell, that is compromising IT providers to target their specific customers. Symantec researchers spotted a new threat group, tracked as TortoiseShell, that is compromising IT providers to target their specific customers. The group was first spotted in 2018, but experts speculate that it has been active for […] Threat
SecurityAffairs.webp 2019-09-22 12:27:52 Critical flaws affect Jira Service Desk and Jira Service Desk Data Center (lien direct) Atlassian released security updates for Jira Service Desk and Jira Service Desk Data Center to address a critical flaw that can lead to information disclosure. Atlassian released security updates to address critical vulnerabilities in Jira Service Desk and Jira Service Desk Data Center. One of the flaws can lead to information disclosure, while another critical […] Guideline
SecurityAffairs.webp 2019-09-22 10:51:12 (Déjà vu) Security Affairs newsletter Round 232 (lien direct) A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Hi folk, let me inform you that I suspended the newsletter service, anyway I’ll continue to provide you a list of published posts every week through the blog. Once again thank you! A bug in Instagram exposed user […]
SecurityAffairs.webp 2019-09-22 08:17:07 0patch will provide micropatches for Windows 7 and Server 2008 after EoS (lien direct) With the end-of-life of Windows 7 and Server 2008, their users will no longer receive security patches, the only way to remain protected is to trust in micropatches. On January 14, 2020, support for Windows 7, Windows Server 2008 and 2008 R2 will end, this means that users will no longer receive security updates. In order to address security […]
SecurityAffairs.webp 2019-09-22 07:31:26 Facebook suspends tens of thousands of apps from hundreds of developers (lien direct) Facebook announced it has suspended tens of thousands of apps as a result of a review of privacy practices launched following the Cambridge Analytica scandal. In April 2018, Facebook revealed that 87 million users have been affected by the Cambridge Analytica case, much more than 50 million users initially thought. The company allowed to access to the personal data of […]
SecurityAffairs.webp 2019-09-21 15:16:32 Iran denies successful cyber attacks hit infrastructures of its oil sector (lien direct) In the last hours, some western media reported destructive cyber attacks against infrastructures in the Iranian oil sector, but Iran denied it. Last week drone attacks have hit two major oil facilities run by the state-owned company Aramco in Saudi Arabia, one of them is the Abqaiq site. Western Governments and Saudi Arabia blamed Iran for […]
SecurityAffairs.webp 2019-09-21 14:37:13 MMD-0063-2019 – Summarize report of three years MalwareMustDie research (Sept 2016-Sept 2019) (lien direct) Hello, it’s unixfreaxjp here. It has been a while since I wrote our own blog, and it is good to be back. Thank you for your patience for all of this time. The background It was after September 2016 when we decided to move our blog and since then I had a lot of fun […]
SecurityAffairs.webp 2019-09-21 14:09:15 One of the hackers behind EtherDelta hack also involved in TalkTalk hack (lien direct) US authorities have indicted two men for hacking the exchange EtherDelta in December 2017, one of them was also accused of TalkTalk hack. US authorities have indicted two men, Elliot Gunton and Anthony Tyler Nashatka, for hacking the cryptocurrency exchange EtherDelta in 2017. In December 2017, the popular cryptocurrency exchange EtherDelta was hacked, attackers conducted […] Hack
SecurityAffairs.webp 2019-09-21 08:32:03 5 Cybersecurity Trends in the Professional Services Sector (lien direct) Cybersecurity is an increasingly significant focus for many companies as cyberattacks become more frequent and more costly. Which are 5 Cybersecurity trends in the professional services sector? Professional services organizations are especially vulnerable due to the high value of the industry and the data they store - like Social Security numbers, personal financial information and classified […]
Last update at: 2024-07-17 13:08:18